MDKSA-2001:065

Package name

openssl

Date

2001-07-18

Advisory ID

MDKSA-2001:065

Affected versions

8.0 i586 , SNF7.2 i586 , 7.2 i586 , 7.1 i586 , CS1.0 i586

Problem description

The pseudo-random number generator in OpenSSL versions up to 0.9.6a has a design flaw. By knowing the output of specific PRNG requests, an attacker would be able to determine the PRNG's internal state and thus predict future PRNG output.

Updated packages

8.0 i586

 f54861925712bd65d7d5555a0e38ff10  8.0/RPMS/openssl-0.9.6-7.1mdk.i586.rpm
c158998f6a756797377eecbd05e1aeba  8.0/RPMS/openssl-devel-0.9.6-7.1mdk.i586.rpm
3a82451e57a589b9bef82b10331dc1f4  8.0/SRPMS/openssl-0.9.6-7.1mdk.src.rpm

SNF7.2 i586

 28d9da5ffaf74b3e7b2fd840cba9503e  snf7.2/RPMS/openssl-0.9.5a-8.1mdk.i586.rpm
e520be24cdc8334e6cc29f46ff5889ab  snf7.2/SRPMS/openssl-0.9.5a-8.1mdk.src.rpm

7.2 i586

 28d9da5ffaf74b3e7b2fd840cba9503e  7.2/RPMS/openssl-0.9.5a-8.1mdk.i586.rpm
26001af79f5bd71eca0e36d340bb1e4d  7.2/RPMS/openssl-devel-0.9.5a-8.1mdk.i586.rpm
e520be24cdc8334e6cc29f46ff5889ab  7.2/SRPMS/openssl-0.9.5a-8.1mdk.src.rpm

7.1 i586

 1a1d6474342301a3ad43beca47bb19ff  7.1/RPMS/openssl-0.9.5a-3.1mdk.i586.rpm
39f1223a964c9cb0b5588457385c4739  7.1/RPMS/openssl-devel-0.9.5a-3.1mdk.i586.rpm
04fda645da3714a71624a729e5954c78  7.1/SRPMS/openssl-0.9.5a-3.1mdk.src.rpm

CS1.0 i586

 1a1d6474342301a3ad43beca47bb19ff  1.0.1/RPMS/openssl-0.9.5a-3.1mdk.i586.rpm
39f1223a964c9cb0b5588457385c4739  1.0.1/RPMS/openssl-devel-0.9.5a-3.1mdk.i586.rpm
04fda645da3714a71624a729e5954c78  1.0.1/SRPMS/openssl-0.9.5a-3.1mdk.src.rpm

References

• http://marc.theaimsgroup.com/?l=openssl-announce&m=98655255404174&w=2
• http://marc.theaimsgroup.com/?l=openssl-announce&m=99470949306468&w=2